package cn.lx.auth.secutity.filter;

import cn.lx.auth.secutity.utils.AuthPropertiesUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.util.StringUtils;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;

/**
 * @ClassName RefererFilter
 * @Description: //todo
 * @Author: 落雪
 * @CreateDate: 2025/7/14 23:22
 * @UpdateUser: 落雪
 * @UpdateDate: 2025/7/14 23:22
 * @UpdateRemark:
 * @Version: 1.0
 */
public class RefererFilter implements Filter {
    private static Logger log = LoggerFactory.getLogger(ApiAuthorizationFilter.class);

    public RefererFilter() {
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httprequest = (HttpServletRequest)request;
        HttpServletResponse httpresponse = (HttpServletResponse)response;

        try {
            String referer = httprequest.getHeader("Referer");
            if (StringUtils.isEmpty(referer)) {
                chain.doFilter(request, response);
            } else {
                boolean permitsFlag = false;
                String permits = "/api/**,/*/api/**," + AuthPropertiesUtil.referePermits;
                String requestUrl = httprequest.getServletPath().toString();
                PathMatcher matcher = new AntPathMatcher();
                String exclusions;
                if (!StringUtils.isEmpty(permits)) {
                    for(int i = 0; i < permits.split(",").length; ++i) {
                        exclusions = permits.split(",")[i];
                        if (!"".equals(exclusions) && matcher.match(exclusions, requestUrl)) {
                            permitsFlag = true;
                            break;
                        }
                    }
                }

                String activeReferer = AuthPropertiesUtil.activeReferer;
                exclusions = this.getDomain(referer);
                if (!permitsFlag && !StringUtils.isEmpty(activeReferer) && exclusions.indexOf(activeReferer) < 0) {
                    httpresponse.sendError(403, "不被允许的Referer请求!");
                } else {
                    chain.doFilter(request, response);
                }
            }
        } catch (Exception var13) {
            log.error(var13.toString(), var13);
            httpresponse.sendError(403, "不被允许的Referer请求!");
        }

    }
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }
    @Override
    public void destroy() {
    }

    private String getDomain(String urlStr) {
        String result = "";

        try {
            URL url = new URL(urlStr);
            result = url.getHost();
        } catch (MalformedURLException var5) {
            log.error(var5.toString(), var5);
        }

        return result;
    }
}

